The application interface allows users to perform certain actions via HTTP requests without any check (such as an anti-CSRF token or origin verification) that the request was intentionally issued from the application's own pages. This can be exploited to perform those actions with administrative privileges if a logged-in administrator visits a malicious web site (cross-site request forgery).
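The following is an added illustration of the missing check, not code from the affected product: a hypothetical "promote user" action, once trusting the session cookie alone (as the advisory describes) and once with the checks a framework normally supplies. The session store, user table, origin name and handler signatures are all constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed for this demonstration: the origin the application is served
# from, a session store and a user table. None of it is the affected product.
TRUSTED_ORIGIN = "https://app.example"


def make_state():
    """Fresh sessions/users so every run of the demo starts from the same point."""
    sessions = {
        # The victim: an administrator who is already logged in.
        "sess-victim": {"user": "alice", "role": "admin",
                        "csrf_token": secrets.token_hex(16)},
    }
    users = {"alice": {"role": "admin"}, "bob": {"role": "user"}}
    return sessions, users


def promote_user_vulnerable(sessions, users, method, cookies, form, headers):
    """Trusts the session cookie alone. Browsers attach that cookie to
    cross-site requests as well, so any page the admin visits can trigger it."""
    session = sessions.get(cookies.get("sessionid"))
    if session is None or session["role"] != "admin":
        return 403
    users[form["username"]]["role"] = "admin"
    return 200


def request_origin(headers):
    """Origin header if present, otherwise scheme://host of the Referer."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        return f"{parts.scheme}://{parts.netloc}"
    return None


def promote_user_hardened(sessions, users, method, cookies, form, headers):
    """Same action with the checks the advisory says are missing: state only
    changes on POST, the request must come from our own origin, and the form
    must carry the per-session anti-CSRF token (which a foreign page cannot read)."""
    if method != "POST":
        return 405
    session = sessions.get(cookies.get("sessionid"))
    if session is None or session["role"] != "admin":
        return 403
    if request_origin(headers) != TRUSTED_ORIGIN:
        return 403
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(form.get("csrf_token", ""), session["csrf_token"]):
        return 403
    users[form["username"]]["role"] = "admin"
    return 200


def run_demo():
    """Replays the forged request against both handlers, then a legitimate one."""
    results = {}
    for name, handler in (("vulnerable", promote_user_vulnerable),
                          ("hardened", promote_user_hardened)):
        sessions, users = make_state()
        # Forged request: a form auto-submitted by https://evil.example while
        # the admin is logged in. The browser adds the session cookie; the
        # attacker cannot supply the token.
        status = handler(sessions, users, "POST",
                         {"sessionid": "sess-victim"},
                         {"username": "bob"},
                         {"Origin": "https://evil.example"})
        results[name] = (status, users["bob"]["role"])
    # Legitimate request from the application's own page, token included.
    sessions, users = make_state()
    status = promote_user_hardened(
        sessions, users, "POST",
        {"sessionid": "sess-victim"},
        {"username": "bob", "csrf_token": sessions["sess-victim"]["csrf_token"]},
        {"Origin": TRUSTED_ORIGIN})
    results["hardened_legit"] = (status, users["bob"]["role"])
    return results
```

Against the vulnerable handler the forged request succeeds and bob becomes an administrator; against the hardened one it is rejected while the genuine request still works. In a real deployment the token check should be combined with SameSite=Lax (or Strict) on the session cookie, which stops most browsers from attaching it to cross-site POSTs in the first place.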
The OLT Web Management Interface is vulnerable to unauthenticated configuration download and information disclosure: a direct object reference to the usrcfg.conf file via an HTTP GET request returns the configuration without any authentication. The disclosed contents give an attacker sensitive information that can be used for authentication bypass, privilege escalation and/or full system access.
Simple SQL injection after login bypass (the view is not protected by login_required). An attacker can send a specially crafted HTTP request containing an SQL injection payload in the 'username' parameter to the '/check_users/' page. This can be used to bypass authentication and gain access to the application.
Stored XSS after login bypass (the view is not protected by login_required). First, the following request is sent to the web server:

POST /data/ HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------191691572411478
Content-Length: 332
Connection: close
Referer: http://127.0.0.1:8000/data/
Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
Upgrade-Insecure-Requests: 1

-----------------------------191691572411478
Content-Disposition: form-data; name="csrfmiddlewaretoken"

0sryZfN7NDe4UUwhjehPQxPRtaMSq85nbGQjmLc9KL79DBOsfK0Plkvp2MwPus75
-----------------------------191691572411478
Content-Disposition: form-data; name="server_name"

<h1>test
-----------------------------191691572411478--

Then the following request is sent to the web server:

GET /show_search/ HTTP/1.1
Host: 127.0.0.1:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://127.0.0.1:8000/data/
Cookie: csrftoken=Mss47G2ILybbQoFYXpVPlWNaUzGQ5yKoXGRPucrKIG4gz5X9TVEPQJtItbqN9SM6; _ga=GA1.4.567905900.1569231977
Upgrade-Insecure-Requests: 1

Finally, the response shows the stored XSS; the submitted markup is returned in the page body unescaped:

HTTP/1.1 200 OK
Date: Thu, 26 Sep 2019 12:25:19 GMT
Server: WSGIServer/0.2 CPython/3.7.3
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN

<h1>test</h1>
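The two-step flow above (plant a value, then fetch the page that lists stored values and look for it unescaped) is easy to turn into a repeatable check. The following is an added example, not the advisory's or the application's code: ConstructedApp is a stand-in for the Django view pair, built here so the probe runs offline, and PAYLOAD is a constructed marker. Against a real target the send callable would be a small wrapper around an HTTP session that first loads /data/ to obtain the csrftoken cookie and then submits its value as the csrfmiddlewaretoken form field, as in the captured request.

```python
import html

# Constructed marker payload: distinctive enough to be located in a page body.
PAYLOAD = "<h1>xss-probe-7f3a</h1>"


class ConstructedApp:
    """Stand-in for the advisory's Django app (constructed, not the real code).
    It stores whatever is POSTed as server_name to /data/ and lists every stored
    value on /show_search/, with or without HTML escaping."""

    def __init__(self, autoescape):
        self.autoescape = autoescape
        self.rows = []

    def send(self, method, path, form=None):
        if method == "POST" and path == "/data/":
            self.rows.append(form["server_name"])
            return 302, ""
        if method == "GET" and path == "/show_search/":
            cells = (html.escape(r) if self.autoescape else r for r in self.rows)
            return 200, "<ul>" + "".join(f"<li>{c}</li>" for c in cells) + "</ul>"
        return 404, ""


def stored_xss_probe(send, payload=PAYLOAD):
    """Plant the payload, fetch the listing, classify what came back.
    `send(method, path, form=None)` must return (status, body).
    Returns 'vulnerable' (raw markup reflected), 'escaped' (stored but rendered
    as text) or 'not_stored' (value never shown)."""
    status, _ = send("POST", "/data/", {"server_name": payload})
    if status not in (200, 201, 302):
        raise RuntimeError(f"store request failed with HTTP {status}")
    status, body = send("GET", "/show_search/")
    if status != 200:
        raise RuntimeError(f"listing request failed with HTTP {status}")
    if payload in body:
        return "vulnerable"
    if html.escape(payload) in body:
        return "escaped"
    return "not_stored"
```

Django templates escape variables by default, so a result of 'vulnerable' on a Django app usually points at a template that marks the value safe (the safe filter or mark_safe) or at a view that writes HTML into the response by hand; the 'escaped' outcome is what the fixed view should produce.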
Simple SQL injection after login bypass (the view is not protected by login_required). An attacker can send a malicious HTTP POST request with a crafted 'server_name' parameter containing ' or '1=1' to the vulnerable application. The injected condition is always true, so the query returns the data from the database regardless of the name supplied.
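Both Django findings above (the 'username' parameter of /check_users/ and the 'server_name' parameter of the search) come down to string concatenation into SQL. The following added example, not code from the affected application, reproduces each against an in-memory SQLite database with a constructed schema and rows, and shows the parameterised form beside it. The portable tautology ' OR '1'='1 is used; the advisory's ' or '1=1 variant works the same way on databases that coerce the string '1=1' to true (MySQL does), but SQLite is not relied on for that here.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users (username, password, is_admin) VALUES (?, ?, ?)",
                     [("admin", "s3cret-admin", 1), ("alice", "alice-pass", 0)])
    conn.execute("CREATE TABLE servers (id INTEGER PRIMARY KEY, server_name TEXT, owner TEXT)")
    conn.executemany("INSERT INTO servers (server_name, owner) VALUES (?, ?)",
                     [("web01", "alice"), ("db01", "alice"), ("backup01", "admin")])
    return conn


def check_user_vulnerable(conn, username, password):
    """/check_users/ as described: the username is pasted into the SQL text."""
    sql = (f"SELECT username, is_admin FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()


def check_user_fixed(conn, username, password):
    """Parameterised: the driver sends the values separately, never as SQL."""
    sql = "SELECT username, is_admin FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def search_servers_vulnerable(conn, server_name):
    """The server_name search as described: value concatenated into the query."""
    sql = f"SELECT server_name, owner FROM servers WHERE server_name = '{server_name}'"
    return conn.execute(sql).fetchall()


def search_servers_fixed(conn, server_name):
    sql = "SELECT server_name, owner FROM servers WHERE server_name = ?"
    return conn.execute(sql, (server_name,)).fetchall()


# Closes the string literal, adds a tautology, comments out the password check.
LOGIN_PAYLOAD = "' OR '1'='1' --"
# Tautology only: the application's own closing quote completes the statement.
SEARCH_PAYLOAD = "' OR '1'='1"


def run_demo():
    """Runs both payloads against the vulnerable and the fixed queries."""
    conn = make_db()
    return {
        # Vulnerable login matches every row; the first one back is the admin.
        "login_vulnerable": check_user_vulnerable(conn, LOGIN_PAYLOAD, "wrong"),
        "login_fixed": check_user_fixed(conn, LOGIN_PAYLOAD, "wrong"),
        # Vulnerable search dumps the whole table; the fixed one finds no such name.
        "search_vulnerable": len(search_servers_vulnerable(conn, SEARCH_PAYLOAD)),
        "search_fixed": len(search_servers_fixed(conn, SEARCH_PAYLOAD)),
    }
```

Parameterisation fixes the injection but not the missing login_required on these views; both need to be addressed, since the fixed query still answers anonymous requests.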
Simple SQL injection after application authentication (the attacker needs a valid login first). The injection techniques that work are boolean-based blind, error-based, time-based blind and UNION query.
A malicious query can be sent base64-encoded to the unserialize() function. The decoded data is deserialized without any sanitization, and the resulting values are then passed directly into an SQL query. Note that calling unserialize() on attacker-controlled input is hazardous in itself, independently of the SQL sink.
This is a stored XSS vulnerability located in the 'all-in-one-seo-pack' tab of the plugin settings; an attacker needs access to that settings page to plant the payload. Steps to reproduce: 1. Go to the 'all-in-one-seo-pack' tab; 2. Select the 'General Settings' section; 3. Enter the payload in the "Additional Front Page Headers" or "Additional Posts Page Headers" field; 4. Click the "Update Options" button; 5. The payload runs when the affected page is visited.
YzmCMS is a lightweight open source content management system that uses OOP (object-oriented programming) to build its own framework. It is affected by Host header injection: the application uses the value of the HTTP Host header from the request without validating it, so an attacker-supplied Host value is reflected into the generated response (for example in absolute links). This can be exploited for attacks such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
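The following added example is not YzmCMS code; it illustrates the pattern with a constructed allowlist, constructed paths (/login, /static/app.js) and hypothetical helper names. The vulnerable builder puts whatever Host the client sent into absolute URLs, so a poisoned Host steers a form action to the attacker (CSRF-style credential theft) or loads a script from the attacker's host (XSS); the fixed builder only accepts hosts the site is actually served under.

```python
# Constructed allowlist of hostnames the site is legitimately served under
# (the same idea as a framework's ALLOWED_HOSTS setting).
ALLOWED_HOSTS = {"yzmcms.example", "www.yzmcms.example"}


def absolute_url_vulnerable(headers, path):
    """Builds an absolute link from the Host header exactly as received.
    Whoever sends the request chooses the host that ends up in the page."""
    return f"http://{headers.get('Host', '')}{path}"


def validated_host(headers, allowed=ALLOWED_HOSTS):
    """Returns 'host[:port]' from the Host header only if the host part is on
    the allowlist; raises ValueError otherwise. X-Forwarded-Host is deliberately
    ignored (honour it only behind a reverse proxy you control), and bracketed
    IPv6 literals are rejected for brevity."""
    raw = headers.get("Host", "")
    hostname, sep, port = raw.partition(":")
    hostname = hostname.lower().rstrip(".")
    if sep and not (port.isdigit() and 0 < int(port) < 65536):
        raise ValueError(f"invalid port in Host header: {raw!r}")
    if hostname not in allowed:
        raise ValueError(f"untrusted Host header: {raw!r}")
    return hostname + (f":{port}" if sep else "")


def is_host_trusted(headers):
    """Convenience wrapper: True if validated_host() accepts the request."""
    try:
        validated_host(headers)
        return True
    except ValueError:
        return False


def absolute_url_fixed(headers, path, scheme="https"):
    """Same link, but only ever built from an allow-listed host."""
    return f"{scheme}://{validated_host(headers)}{path}"


def render_login_page(headers, build_url):
    """Constructed page fragment that embeds absolute URLs. With the vulnerable
    builder a poisoned Host lands in the form action and in the script src."""
    return (f'<form method="post" action="{build_url(headers, "/login")}">'
            f'<script src="{build_url(headers, "/static/app.js")}"></script>')
```

Requests whose Host fails validation should get a 400 response rather than a page rendered with a fallback host, since the fallback is exactly what a web cache would then store and serve to other users.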